Self-Hosted Main

502 readers

1 users here now

A place to share alternatives to popular online services that can be self-hosted without giving up privacy or locking you into a service you don't control.

For Example

Service: Dropbox - Alternative: Nextcloud
Service: Google Reader - Alternative: Tiny Tiny RSS
Service: Blogger - Alternative: WordPress

We welcome posts that include suggestions for good self-hosted alternatives to popular online services, how they are better, or how they give back control of your data. Also include hints and tips for less technical readers.

Useful Lists

Awesome-Selfhosted List of Software
Awesome-Sysadmin List of Software

founded 1 year ago

MODERATORS

communick@selfhosted.forum

LDAP and Tandoor (alien.top)

submitted 10 months ago by SeaPowerMax@alien.top to c/main@selfhosted.forum

1 comments fedilink hide all child comments

I recently set up a tandoor docker container and am looking around to see if anyone has experience or a walkthrough using it with LDAP authentication.

I don't have a tremendous amount of docker experience but am able to verify that I can perform LDAP queries and make connections from my docker server to my LDAP server. Yet whenever I try to log it as an LDAP user I get a generic bad username or password message.

How can I verify the tandoor container is able to contact the LDAP server? How can I configure tandoor to use LDAP?

TIA

Edit: here are the ldap settings i have in my .env file:

LDAP_AUTH=1
AUTH_LDAP_SERVER_URI=LDAP://FQDN:389
AUTH_LDAP_BIND_DN=CN=TandoorSA,OU=ServiceAccounts,DC=domain,DC=com
AUTH_LDAP_BIND_PASSWORD=SuperCoolPassword
AUTH_LDAP_USER_SEARCH_BASE_DN=OU=People,DC=domain,DC=com
AUTH_LDAP_USER_SEARCH_FILTER_STR=(memberof=CN=Group of Users,OU=People,DC=domain,DC=com)

you are viewing a single comment's thread
view the rest of the comments

[–] doweactuallycare@alien.top 1 points 10 months ago

Oooooookay.

The FQDN is your 'LDAP server'.

AUTH_LDAP_BIND_DN=CN=TandoorSA,OU=ServiceAccounts,DC=domain,DC=com

Its authenticating with an account called 'TandoorSA' which it expects to find in the OU ServiceAccounts.

You'll obviously need to create that first.

You'll also need to fill in the DC=domain with your actual domain, which you should know if you have setup ldap.

AUTH_LDAP_BIND_PASSWORD=SuperCoolPassword

Its using password 'SuperCoolPassword' when it logs into the 'TandoorSA' account.

AUTH_LDAP_USER_SEARCH_BASE_DN=OU=People,DC=domain,DC=com

It expects to find users in here in general. In the 'People' OU. You'll need to fill in the domain part again.

AUTH_LDAP_USER_SEARCH_FILTER_STR=(memberof=CN=Group of Users,OU=People,DC=domain,DC=com)

This is its search filter for user searching. Maybe i'm just rewording what its saying but theres not much more to it.

Fill in domain.

Thats 'bout it.

How did you setup LDAP without recognizing this stuff?